CVE-2022-23320

Published: Feb 7, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database.

Affected (1)

Products: Xerox: Xmpie Ustore

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xerox Xmpie Ustore	Version 12.3.7244.0

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (8)

http://xmpie.com

Source: cve@mitre.org

Vendor Advisory

https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29

Source: cve@mitre.org

Third Party Advisory

https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.xmpie.com/ustore-release-notes/

Source: cve@mitre.org

Release NotesVendor Advisory

http://xmpie.com

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.linkedin.com/feed/update/urn:li:activity:6894666176450887681?commentUrn=urn%3Ali%3Acomment%3A%28activity%3A6894666176450887681%2C6895051709354192896%29

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.triaxiomsecurity.com/xmpie-ustore-vulnerabilities-discovered/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.xmpie.com/ustore-release-notes/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.